Jump to content

Recommended Posts

While we wait for staff, The reason these files were detected is you are running a "custom" full scan.

Quote

Scan Type: Custom Scan
Scan Initiated By: Scheduler

A threat scan is all that is needed on any regular basis.

The file location of these files is the Windows.old folder that is left behind by a Feature update or a repair install. This folder is suposed to auto delete after 10 days.

This detection is located in a folder that is not normally scanned with a threat scan and the heuristics (AI) are finding the files in a non-standard location for those Windows files.

Link to post
Share on other sites

Right, so it's safe to assume to completely delete those files and delete Windows.Old while I'm at it.

Also I only do custom scans is to get multiple hard drives connected to the scan. 

Link to post
Share on other sites
Just now, Raxrtos said:

Also I only do custom scans is to get multiple hard drives connected to the scan

Scanning other drives is not really needed on a regular basis.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

Depending on the contents of those other drives also note,

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution only with the anti-exploit module of the paid program.

Link to post
Share on other sites
8 minutes ago, Porthos said:

Scanning other drives is not really needed on a regular basis.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

 

 

Depending on the contents of those other drives also note,

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

 

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

 

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

 

Malwarebytes will detect files like these on execution only with the anti-exploit module of the paid program.

 

Thanks for this information, it was interesting to read though since to get some insight on what Malwarebytes does.

Cheers. 

Link to post
Share on other sites
1 minute ago, Raxrtos said:

Thanks for this information, it was interesting to read though since to get some insight on what Malwarebytes does.

Cheers. 

I also suggest to be sure Windows Defender is active as well by making sure the following setting is off.

 

2021-02-28_17h17_49.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.